TradeRoute Went Down Following a Major Security Leak

Weeks before the darknet market DDoS attacks began, TradeRoute Market arranged weekly payments with an infamous darknet marketplace phisher known as “Phishkingz.” In a conversation with DeepDotWeb about two days before Traderoute went down, Phishkingz revealed that he had found a way to access code from the marketplace’s admin backend. Shortly after Phishkingz revealed his findings, TradeRoute exit scammed.

The marketplace went down during the most recent DDoS wave, alongside the majority of the “top markets.” As the downtime increased, market users posted on Reddit with increasingly credible concern. Phishkingz (PK) voiced his concern in a post titled “Dear TradeRoute Its [Phishkingz] aka BillyIsOnTheNet1 Either Post A Message Or I Leak The Source.”

DeepDotWeb also heard the phisher’s thoughts during a conversation with on jabber [email protected] (Jabber included at his request), PK’s official Jabber address. In a July interview with DeepDotWeb, PK explained that he “dominated the phishing scene on the darkweb.” And it was through his phishing schemes that he stumbled upon a critical TradeRoute bug. Under the BillyIsOnTheNet1 alias, PK messaged a TradeRoute technical admin about a vulnerability he (and another phisher) had discovered while creating a transparent proxy for TradeRoute credential phishing.

PK’s proxy—one of his phishing sites that, like any phishing site, looked almost identical to the real thing—granted access to TradeRoute’s “whole database.” The time between the discovery and disclosure is unknown. But, at some point following PK’s discovery, he used Dirbuster to scan TradeRoute directories and filenames. He then “channeled them through a transparent proxy.” And then building the database was fairly straightforward. TradeRoute handed PK $2,000 per week for the disclosure. PK sent DeepDotWeb copies of the scripts and clone sites for verification.

Note: All this, including the source code of the script which compromised TR, TR leaked source code, the full conversation with the admins and wallet addresses related to TR were provided to deepdotwebBEFORE Trade route went missing:

In a later message, PK revealed he had found more valuable bugs. “I have found several big bugs within the code [and] i am willing to work with you guys keeping this place safe and secure,” he said in the conversation with TradeRoute staff. The Technical admin denied that one of the bugs could exist and asked for the remaining two bugs mentioned by PK.

The phisher then announced, on September 11, that he would leak the full source code of the site unless the market admins paid him one bitcoin. That never happened. Instead, the staff decided to pay PK 0.375 BTC every Friday.

On September 12, the conversation thread between PK and the Technical admin had drawn to an end. The payments would arrive every Friday and required no user interaction as a script automatically deposited the payments into PK’s account. The TradeRoute deal required PK to keep silent about the vulnerabilities.

Payments would continue “as long as no leak is ever seen on the internet,” the admin wrote. “But if there’s any leak, or if you try to blackmail us again in the future you will automatically lose your privilege.” And all seemingly went well until roughly one month later. DeepDotWeb and Phishkingz had spoken throughout the month leading up to TradeRoute’s exit scam. Both suspected the marketplace had left for good before receiving confirmation from TradeRoute staff themselves.

On Reddit, as mentioned above, PK warned TradeRoute staff that if payment did not come his way on time, he would release the market’s source code. The absence of moderators on the TradeRoute subreddit allowed his posts to live on. PK revealed that he had messaged the TradeRoute staff who publicly used Reddit. He asked the moderators to relay the message to admins that they needed to pay him outside of the market. He asked them how they would be getting paid.

However, to TradeRoute Dispute and Support Admin “SamCulperTR,” the phisher pointed towards the evidence that the TradeRoute team had packed their bags. “No shit… And they barely paid you shit,” the admin wrote. (DeepDotWeb confirmed the authenticity of the messages by signing in to PK’s Reddit account.) PK said that he wished the market would come back and that he and “his partner” had not leaked any of the source code or sensitive files. “So I take it this is an exit scam then,” PK added.

Culper responded with few words, but just enough to prove that TradeRoute had exit scammed: “You are the reason they took off.”

Dream Market didn’t exit scam or go down though. Everything on that site is still working fine. I can at least respect them for their longevity, despite all their problems. They’re like the smoking, alcoholic, crack addicted uncle that lives to 100.

TradeRoute was the best marketplace I’ve used and I’ve used them all since SR1… I really wish the admins had more honour. They could have done so many different things besides exit scam. Hell they could have exit scammed and sold the source on to someone else! They clearly didn’t care about their project at all because they happily killed it without any hesitation :(

All You people that keep talking about vendor stores and vendor personal markets keep it to yourself. You don’t ruin a good thing when you have it. So shut up before everyone blames you for ruining what was agood idea that everyone has already known before your smart ass blabbed about it.

Yeah I just sent bitcoins over for an order just as it all went down! This investment was gonna save my moms house from being foreclosed! I’m not the only one who took loses so bad that its gonna put us on the streets! If you feel good about this then you have no conscious! You guys claimed to admiral u should find away to get people there money back and start another market! Really it wouldn’t be to hard and you guys would still walk away with a good amount of money! Glad to see you guys are happy walking off with millions leaving a lot of us fucked homeless and not able to trust the market anymore!

I appreciate the amount of work and dedication it took and takes to create something as wonderful as what you created. We all get into this knowing that shit happens and shit hits the fan and its always a moving target. To keep your head above water and fight off constant attacks has to be exhausting. It sucks to be at the top because people with no imagination or ability to make one single contribution to society cant stand that you have created something that they could never do. I don’t know how much money you walked away with and frankly I don’t care. Yes, I did not lose a bunch of money, but I have a good idea the ones who did probably made twice that amount on a daily basis. Its risky, you put your life and freedom on the line to provide a service to those of us who want to live in a world where we can make our own choices. Good luck in whatever it is you do, Thank you for risking your freedom to provide me a place to play. I am sorry to all of you who lost a buch of money and I can promise TR’s goal was not to scam anyone. They got screwed and probably ended up paying a poop ton of money, they got some of that back and ran away. If you want to be mad a someone, be mad at the dude who brought them down for the sole reason of letting everyone know how awesome they are.

Its the wild wild bit-west boys.
I love a good blag where no-one gets hurt and the blaggers ride off the he beach with a big bag of bitcoins to drink champagne.
I’m obviously pissed about the 0.5 BTc i got sitting isn escrow, but hey, I’m up on the deal.

Well as much as I hate to say, its karma for these bitches. I am Cosmic_Consciousness a vendor who was recently banned for âselective scammingâ from this now officially exit scammed market. If you take a look at my feedback across the board through all the markets I have operated on you will find it is long and formidable. I have put way more smiles on peopleâs faces and connected to people through the quality of product I provide. TradeRoute first removed my FE privileges, and because I regularly float ~$10k in escrow had I offered it, it would be another huge hit. I prefered to not let these assholes effect my business so I packed my bags and moved to Zion Marketplace where I am operational and where once again, just as I have before, start to build the feedback I earn. TradeRoute was 700 sales in 2 months with a 96% success rate. My feedback is the same across the board on all the dozen markets I have operated over and however many I will be operating over in the coming time.

Sorry if you lost your money, I saw this coming. I am a reputable vendor who was wronged by TradeRoute, and basically told them to not disrupt my business as I am an honest and trustworthy operator who has a long track record of solid feedback everywhere I choose to operate. Itâs just karma for these losersâ¦

I’m not sure I agree with your assertion that you have not selectively scammed people. You marked my package shipped 2 weeks ago and its not here yet. I’m willing to give you the benefit of the doubt but also think perhaps you protest too much. If it shows up, then I’ll post here again to correct the record.

As for TR, why would anyone want to use a market that holds your money when there are some where you pay directly? Also, I think there’s at least one distributed market that wouldn’t have a central server to be DDoS’d at all. Why aren’t people lining up for that?

This is of course the guy who used to shit talk TeamTrust and claim they sold “LSD-1” Back in the AB days. Untrustworthy vendor thats why he was banned. TR’s support staff genuinely was cracking down on bad vendors, It’s just that the owners chose to ditch. I’d advise avoiding CC on any future markets. Go with GammaGoblin or JoR.

Damn this site takes a while to post messages. By the time this one posts, there have been two prior messages from me. The second message casts doubt on Cosmic’s claim regarding selective scamming and promises an update. So, here’s the update:

I regret having written that second message because ultimately it was completely unnecessary. Cosmic has been a trusted vendor in my past and I’m glad to say remains a trusted vendor today. I should not have doubted him but I also wasn’t thinking clearly because of the DDoS attacks and snail mail I got from some fucker posing as a vendor trying to extort bitcoin from me after cancelling my order. I haven’t even read the whole letter. That piece of shit.

Since I don’t have a big economic stake in the markets, the hardest part for me is not being able to communicate with vendors about transactions that are in process during DDoS attacks. This last week has been a frustrating shit-storm. There must be a better way.

To all those who lost money in TR, I feel your pain. I lost money when Abay was seized. However, thanks to Cosmic; on this day, I’m feeling the love.

TRADEROUTE ADMINS BEST BE HIDDING UNDER A ROCK LOL YOU THINK YOU CAN STEAL PEOPLES FUNDS N JUST SCURRY AWAY LIKE RATS YOU ARE LOL
U BETTER HOPE THE FEDS GET U BEFORE SOMEONE U RIPPED OFF
IF PHISINGKINGS where able to get your vulnerability wait until know when you you have people with vengeance out for u enjoy the first little bit while u can u stupid foolish children u just put everyone u loved in jeopardy thats fucked

Lets offer a bounty to billyisonthenet1 , unless this is a joke made up by the scammer ,
He might have some data to collect the cunts , but i doubt it and i am pretty sure this cunts runs a different market under different identity.

But karma’s a bitch . You might autoknock you self on a wall driving , you cunt !

I was actually getting used to this market. And it’s actually pretty silly they took their bags and left us. Just like leaving a baby on the highway, this really pisses me off.. Good for me I only lost 3 euro, but I’m pretty sure some drugs kingpins lost a few K.

smh really just pissed my .5 btc that was about to clear went down but not mad honestly love win the bad guys win next time noobs never leave money on a site EVER .. like all sites some one can never turn down that big bag of coins when it gets BIG!

Phisingkingz if they genuinely did a runner with all the money. Firstly fuck you for black mailing cause I lost money but all isbforgiven if you can release data online that can prove who the trade route crew is so they can be found, and I don’t mean by LE

£300 down the pan i ordered last monday anyhope of them arriving im bloody skint left pennyless made me real stress mad angry and frustrated im having to take anxiety tablets to help relax me this is so not fair unbelivable i thought my days of losing money had gone when i give up gambling now this feal for all those who have had there bucks stolen

TradeRoute Admins are all BIRDS let them cherp cherp cherp.
birds of a feather all flock together.CHERP CHERP CHERP.
Bounty Will be Placed on The T.R ADMINS
have ur fun for now KIDS sucks to look over your shoulder for the rest of your lives. Not only that im sure you have family and loved ones who your just made targets for your selfishness. P.C is in the wakes for you BIRDS cherp cherp cherp

How can anyone be shocked by this turn of events. It’s a darknet market. It’s a criminal enterprise, run by criminals and patronized by criminals. Do you really think there is any “honor among thieves”? There isn’t. If you are smart, you never left BTC on the market. If you were a vendor waiting on someone to finalize or you were a customer who placed an order just before it went down, it’s a simple “wrong place wrong time” scenario. It sucks for sure but it’s the chance you take. Dealing IRL has actual physical risks as opposed to the strictly financial risks on the DNM’s. When you buy/sell drugs or other illicit goods you always run the risk of getting ripped off. Time to move on.

TR was taken over by the feds long ago and now they have shut down the market because they do not want to get charged with selling drugs to minors and selling child porn to their own citizens and being responsible for financial fraud, murder and other crimes against humanity around the globe.

Which DN search do you use? Because I have searched Grams, Ahmia, Not Evil and MetaGear to little avail. The only trusted reviews I could find was Grams but its so hard to find Independent Vendors because they mainly search Markets/ Vendors who are reviews on Markets. Can u point me in the right direction? I wld like to avoid markets if I could….Thanks in advance!!!

You’re in the same boat I’m in wonderwoman. I wish there were more hours in the day but I just don’t have the time to search, research, compare, verify, forum-hunt, jerk off, eat, jerk off again, and repeat. j/k about the jerkin off stuff….or am i?

Anyways, the dnm’s and forums are in shambles right now. Who to trust. Guess i’ll just have to keep looking.

Another market will pop up eventually that will be better than AB and TR. Until then I’ve been able to get on DM which I happen to love even though every one talks shit about it I’ve placed over 2 dozen orders and have never had a problem. I just wish that the good vendors would just open their own vendor shop on their own site like quite a few people already have like QUALITYKING if it’s still up. Oh and also what about this decentralized OpenBazaar 2.0? Anyone got opinions on that? Once again it showes DM down but I’m having no problem logging in. I love DM!

I call bullshit… I know programming and you cant do shit with the files you found… plus all he did was clone the site… doesn’t mean shit… anyone can do that. He never had access to the admin side of the server… just a little bitch ass script kiddie

There definitely needs to be a change. I had a few BTC in trade route ready to purchase as it went down. You learn how to trade and watch for the vendors/buyers scamming only to have the market place scam you. It is the nature of the beast.You also have LE spreading disinformation about the vendors as well as the vendors and markets competition.

I think vendors stores should be on the darknet so customers can deal with them direct. Reviews and ratings left on forums. This way it’s harder for LE to deal with.
They only bust the vendor so you go find some one else to buy from.

Why do you think you can find these people? Or get any money back? You not remember evolution? That’s how to exit is style, £35 million.

If you are still leaving funds in wallets you have yourself to blame.

For the record, a site using escrow is so much more likely to exit than an FE site. Always pay the vendor if you know then, a bulging escrow wallet will be a temptation to anybody!

To the fool above who claims to “know programming”, clearly you don’t. When unmasking files like that you will also have the IP address of the site and various other bits of information. If you haven’t set it up right then you need to run!

seriously just leave contact info, dumbass is on the thread and I’d rather not let him know where hes most likely to get his ass beat. also if you think he hacked the site ask him some questions about programming and hacking, his bs will be obvious. Also TR admins know who he is – that i made sure of.

So they can feel less sorry for us and let us know what they want us to know

JUST A SAYING

But I’m sure the one that did it will go to hell
He may have fucked us customers of traderoute that left some btc, it’s easy for him cause he knows how to use a computer, but when your final judgment with GOD Creator will come, He will send your ass straight to burn in Hell.

I Hope for you to read this and tell yourself that you put hundreds of people in bad position in their life, some of them dont earn much and you took them what they had, that is fucked up man..

BURN IN HELL whoever did this shit. Shame on you and your family. We all hope this monnaie will bring you cancer tomorrow.

For every great market that goes down a better one will show up, just like always. Until then I use Dream Market and i love it. IDK why everyone talks shit about DM, ive made 40 or 50 orders and yes 4 orders were recently. Just gotta stick with only a few vendors instead of ordering from one new one after another cuz chances are one of those vendors will fuck you over.

I don’t know what the fuss is all about. Its a known fact that darknet markets exist either to scam you off your money in the end, or simply get seized by the FBI. How can one expect trust from a darknet market, selling illegal stuff?

Its all business.

As for PK, great job. Somebody had to do this at one time or the other and I am glad that it was you guys, who had the honor of holding back the data. Thank you for not leaking the details, and instead asking for compensation – its just sad that the admins were too dumb to see the bigger picture here.

One would think that after AB was taken down, people would learn not to trust a market anymore than your virgin girlfriend. Anyway, I hear WallStreet Market is building quite the rep. I think its worth a try.

One would think that after AB was taken down, people would learn not to trust a market anymore than your virgin girlfriend. Anyway, I hear WallStreet Market is building quite the rep. I think its worth a try.

Really? People should not trust a market but try Wall St?
Fucking idiot.

Am very much surprised how TR can easily be manipulated by jst a mere word that they re site is vulnerable to phishing allowing PK pour out such word without a solid prove of his info about TR…i trust there is PGP why cant they communicate thru this encryption mail to confirmed PK of TR vulnerabilities…to my research i think TR is one of the best DNM followed by DM which happen to be the major market on DNM…i am a database of useless information exploring DNM bcos it amazed me so much to see great thing have not heard since i was born happening on darknet and i still want to know more about the ghost world…..am so sorry about those vendors and buyers who lost they re BTC of this exit scam site but i dont think TR has the intention of scamming people…it could ve been great if we give them a little more time to rise again as is not easy to run a market and stay strong after so many battle foughts and still fighting…i mean with the feds…fuck the fed…i love to go on darknet everytime and i was looking forward to place order on some great stuff i find interesting…

DM is still the only market on DNM i can vow for but you still ve to be careful when leaving your btc in your wallet…

Presumably anyone using multisig didn’t lose any coins, right? That’s the whole point of it. I heard plenty of people saying “use traderoute, they have multisig”. So I guess everyone was using multisig and everyone is fine? Or was there a difference between what people recommended and what people did?

Anyway, exit scam is part of the game with markets at the moment. I think it’s fair enough, you shouldn’t run a market for many years, it’s too dangerous. Best to provide a good service for a while, make money, facilitate good times for all, then pull the plug.

Hello everyone. Yesterday i received an letter from Netherlands. I was surprised to see i’ve got an message. I opened it up and i saw the letter in the pictures. Have anyone else encounter such a letter from TradeRoute? They basically want 0.1 or 0.3 bitcoins to leave me alone and don’t disclose my adress and name to the police + the fact that i bought 4-5 little orders of lsd, mushrooms and mdma for around $250 all in all. What danger can bring these situation? They had my name, adress and probably the orders that i made on traderoute, the login information. Please if anyone knows something, please tell me what should i expect..
Here are pictures of the letter: https://ibb.co/eoJSHbhttps://ibb.co/gE8SHbhttps://ibb.co/nR3GAw